[Yeti DNS Discuss] 答复: Too many dependencies
muks at mukund.org
Mon Aug 27 09:34:30 UTC 2018
On Mon, Aug 27, 2018 at 04:32:59PM +0800, Davey Song(宋林健) wrote:
> Can you share some background on this "issue" ?
iDNS was a type of attack presented by a french security person 3-4
years ago. Basically, if a resolver has to resolve a nameserver's
address, that can involve recursively looking up other nameserver
addresses (indirection) infinitely. BIND (see CVE-2014-8500) and other
resolver projects were affected by this, and the fix was to have options
that forced a hard limit on the number of individual fetches a resolver
would perform to service a client query, and also a limit on the levels
of indirection when looking up a nameserver address.
More information about the discuss